Conditions for Forming OSPF Neighbor Relationships, and Verification

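1. Conditions for forming a neighbor relationship:

1) The area ID is the same;
2) The hello and dead timers match;
3) The authentication type and authentication password match;
4) The area type matches (for example, both are normal areas, or both are stub areas, and so on).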
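
Each of the four conditions above corresponds to a field carried in every OSPFv2 Hello (RFC 2328, A.3.1 and A.3.2). The Python below is an added example, not part of the original post: it builds constructed Hello packets modeled on R1 and R2 and reports which conditions two of them violate. The names `build_hello`, `parse_hello` and `mismatches` are made up for this example.

```python
import struct
from ipaddress import IPv4Address

HDR = struct.Struct("!BBH4s4sHH8s")   # RFC 2328 A.3.1: OSPFv2 common header (24 bytes)
HELLO = struct.Struct("!4sHBBI4s4s")  # RFC 2328 A.3.2: fixed part of the Hello body
E_BIT, N_BIT = 0x02, 0x08             # Options: E clear = stub area, N set = NSSA
AUTYPE = {0: "none", 1: "plaintext", 2: "MD5"}

def build_hello(router_id, area, hello=10, dead=40, autype=0, key=b"", options=E_BIT):
    """Constructed test packet: checksum and DR/BDR are left at zero."""
    body = HELLO.pack(IPv4Address("255.255.255.252").packed, hello, options, 0,
                      dead, bytes(4), bytes(4))
    return HDR.pack(2, 1, HDR.size + len(body), IPv4Address(router_id).packed,
                    IPv4Address(area).packed, 0, autype, key) + body

def parse_hello(pkt):
    if len(pkt) < HDR.size + HELLO.size:
        raise ValueError("truncated OSPF Hello")
    ver, ptype, _len, rid, area, _ck, autype, auth = HDR.unpack_from(pkt)
    if ver != 2 or ptype != 1:
        raise ValueError("not an OSPFv2 Hello")
    _mask, hello, opts, _pri, dead, _dr, _bdr = HELLO.unpack_from(pkt, HDR.size)
    return {"router_id": str(IPv4Address(rid)), "area": str(IPv4Address(area)),
            "autype": autype, "auth": auth, "hello": hello, "dead": dead,
            "stub_flags": opts & (E_BIT | N_BIT)}

def mismatches(local_pkt, remote_pkt):
    """Return the adjacency conditions that the two Hellos violate."""
    a, b = parse_hello(local_pkt), parse_hello(remote_pkt)
    out = []
    if a["area"] != b["area"]:
        out.append(f"area ID: {a['area']} vs {b['area']}")
    if (a["hello"], a["dead"]) != (b["hello"], b["dead"]):
        out.append(f"timers: hello/dead {a['hello']}/{a['dead']} vs {b['hello']}/{b['dead']}")
    if a["autype"] != b["autype"]:
        out.append(f"auth type: {AUTYPE.get(a['autype'])} vs {AUTYPE.get(b['autype'])}")
    elif a["autype"] == 1 and a["auth"] != b["auth"]:
        out.append("auth key: plaintext keys differ")  # type 2 carries a digest, not checked here
    if a["stub_flags"] != b["stub_flags"]:
        out.append("area type: E/N option bits differ")
    return out

if __name__ == "__main__":
    r1 = build_hello("1.1.1.1", 0)  # constructed, mirrors R1 in the lab below
    print(mismatches(r1, build_hello("2.2.2.2", 1, hello=20, dead=80)))
```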
 

2. Verification

2.1 Basic configuration

R1:
en
conf t
no ip domain-lookup
host R1
inter s1/1
ip add 10.10.1.1 255.255.255.252
description  to-R2-s1/0
no shut
exit
interface Loopback100
 ip address 1.1.1.1 255.255.255.0
router ospf 100
 network 10.10.1.1 0.0.0.0 area 0

R2:
en
conf t
no ip domain-lookup
host R2
inter s1/0
ip add 10.10.1.2 255.255.255.252
description  to-R1-s1/1
no shut
inter s1/1
ip add 10.10.2.1 255.255.255.252
description  to-R3-s1/0
no shut
exit
interface Loopback200
 ip address 2.2.2.2 255.255.255.0
router ospf 200
 network 10.10.1.2 0.0.0.0 area 0

// At this point the neighbor relationship should, in theory, already be established:

R1#sh ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
2.2.2.2           0   FULL/  -        00:00:39    10.10.1.2       Serial1/1

R2#sh ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
1.1.1.1           0   FULL/  -        00:00:31    10.10.1.1       Serial1/0

2.2 Verification process

2.2.1 Different areas

Change R2's area to area 1:

R2(config-router)#network 10.10.1.2 0.0.0.0 area 1
R2(config-router)#
*Oct 23 15:53:50.927: %OSPF-5-ADJCHG: Process 200, Nbr 1.1.1.1 on Serial1/0 from FULL to DOWN, Neighbor Down: Interface down or detached
*Oct 23 15:53:50.935: %OSPF-6-AREACHG: 10.10.1.2/32 changed from area 0 to area 1
*Oct 23 15:53:57.755: %OSPF-4-ERRRCV: Received invalid packet: mismatch area ID, from backbone area must be virtual-link but not found from 10.10.1.1, Serial1/0

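// After the area is changed, the log reports that the neighbor relationship is down. The cause is an area ID mismatch, and the message suggests using a virtual link.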
R2(config-router)#do sh ip ospf nei

R2(config-router)#

// R2's neighbor is gone.

R1#sh ip ospf neighbor

R1#sh ip ospf neighbor

// R1's neighbor is gone as well.

R2(config-router)#network 10.10.1.2 0.0.0.0 area 0
R2(config-router)#
*Oct 23 15:58:03.699: %OSPF-6-AREACHG: 10.10.1.2/32 changed from area 1 to area 0
*Oct 23 15:58:03.759: %OSPF-5-ADJCHG: Process 200, Nbr 1.1.1.1 on Serial1/0 from LOADING to FULL, Loading Done
R2(config-router)#do sh ip ospf nei

Neighbor ID     Pri   State           Dead Time   Address         Interface
1.1.1.1           0   FULL/  -        00:00:33    10.10.1.1       Serial1/0
R2(config-router)#

// With R2 set back to area 0, the neighbor relationship recovers immediately.

R1#
*Oct 23 15:58:04.019: %OSPF-5-ADJCHG: Process 100, Nbr 2.2.2.2 on Serial1/1 from LOADING to FULL, Loading Done

// R1's neighbor relationship recovers too.

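2.2.2 Hello and dead timers must match
Note: the timers are changed per interface. Changing hello also changes dead, which stays at 4 times hello.

The default timers are as follows: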

R2(config-if)#do sh ip ospf inter s1/0
Serial1/0 is up, line protocol is up
  Internet Address 10.10.1.2/30, Area 0
  Process ID 200, Router ID 2.2.2.2, Network Type POINT_TO_POINT, Cost: 64
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:05
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 1.1.1.1
  Suppress hello for 0 neighbor(s)

 

Change it as follows:

R2(config-if)#ip ospf hello-interval 20

// Changed from 10s to 20s


R2(config-if)#do sh ip ospf inter s1/0
Serial1/0 is up, line protocol is up
  Internet Address 10.10.1.2/30, Area 0
  Process ID 200, Router ID 2.2.2.2, Network Type POINT_TO_POINT, Cost: 64
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 20, Dead 80, Wait 80, Retransmit 5
    oob-resync timeout 80
    Hello due in 00:00:18
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 1.1.1.1
  Suppress hello for 0 neighbor(s)

// Hello is now 20s, and the dead time has changed to 80s as well

R2(config-if)#
R2(config-if)#
*Oct 23 16:05:07.747: %OSPF-5-ADJCHG: Process 200, Nbr 1.1.1.1 on Serial1/0 from FULL to DOWN, Neighbor Down: Dead timer expired

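// The log reports that the neighbor relationship is down; the cause is that the dead times do not match.

Restore the configuration: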

R2(config-if)#no ip ospf hello-interval 20
R2(config-if)#do sh ip ospf inter s1/0   
Serial1/0 is up, line protocol is up
  Internet Address 10.10.1.2/30, Area 0
  Process ID 200, Router ID 2.2.2.2, Network Type POINT_TO_POINT, Cost: 64
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:07
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 0, Adjacent neighbor count is 0
  Suppress hello for 0 neighbor(s)
R2(config-if)#
*Oct 23 16:07:27.843: %OSPF-5-ADJCHG: Process 200, Nbr 1.1.1.1 on Serial1/0 from LOADING to FULL, Loading Done

// The neighbor relationship recovers.

Changing only the dead time:

R2(config-if)#ip ospf dead-interval 50
R2(config-if)#do sh ip ospf inter s1/0
Serial1/0 is up, line protocol is up
  Internet Address 10.10.1.2/30, Area 0
  Process ID 200, Router ID 2.2.2.2, Network Type POINT_TO_POINT, Cost: 64
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 50, Wait 50, Retransmit 5
    oob-resync timeout 50
    Hello due in 00:00:00
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 1.1.1.1
  Suppress hello for 0 neighbor(s)

// Only the dead time changes; the hello time stays the same

R2(config-if)#
*Oct 23 16:09:27.739: %OSPF-5-ADJCHG: Process 200, Nbr 1.1.1.1 on Serial1/0 from FULL to DOWN, Neighbor Down: Dead timer expired

// The neighbor relationship goes down here too, with the same symptom as a hello time mismatch.

R2(config-if)#no ip ospf dead-interval 50
*Oct 23 16:10:29.531: %OSPF-5-ADJCHG: Process 200, Nbr 1.1.1.1 on Serial1/0 from LOADING to FULL, Loading Done

// Restore the configuration again.

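2.2.3 Authentication type and password must match
1) Three authentication types

No authentication;

Plaintext authentication;

MD5 authentication;

2) Requirement

Both the authentication type and the password must match.

3) Verifying each case

Case 1: no authentication on either side. The default configuration already covers this case, so it is not verified here.

Case 2: plaintext authentication on both sides. This case does not need verifying here; if you really have doubts, ask Cisco R&D.

Case 3: MD5 authentication on both sides. Same as above.

Case 4: no authentication + plaintext authentication.

R1: configuration unchanged

R2: changed to plaintext authentication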

R2(config-if)#ip ospf authentication         
R2(config-if)#ip ospf authentication-key cisco
R2(config-if)#
*Oct 23 16:24:07.747: %OSPF-5-ADJCHG: Process 200, Nbr 1.1.1.1 on Serial1/0 from FULL to DOWN, Neighbor Down: Dead timer expired
R2(config-if)#

// Once this is configured, the log reports that the neighbor is down.

With debug enabled on R1, the output is as follows:

R1#debug ip ospf events
OSPF events debugging is on
R1#
*Oct 23 16:24:47.983: OSPF: Send hello to 224.0.0.5 area 0 on Serial1/1 from 10.10.1.1
*Oct 23 16:24:49.675: OSPF: Rcv pkt from 10.10.1.2, Serial1/1 : Mismatch Authentication type. Input packet specified type 1, we use type 0

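// It reports that the peer uses type 1 (plaintext authentication) while I (R1) use type 0 (no authentication)

Case 5: no authentication + MD5 authentication.

R1: configuration unchanged

R2: changed to MD5 authentication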

R2(config-if)#ip ospf authentication message-digest

R2(config-if)#ip ospf authentication-key cisco

// Naturally, the neighbor relationship cannot be established here either.

The debug output on R1 is as follows:

Oct 23 16:30:07.987: OSPF: Send hello to 224.0.0.5 area 0 on Serial1/1 from 10.10.1.1
*Oct 23 16:30:09.639: OSPF: Rcv pkt from 10.10.1.2, Serial1/1 : Mismatch Authentication type. Input packet specified type 2, we use type 0

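// It reports that the peer uses type 2 (MD5 authentication) while I (R1) use type 0 (no authentication)

Case 6: plaintext authentication + MD5 authentication + same key.

R2 keeps the configuration above,

R1 is changed to plaintext authentication: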

R1(config-if)#ip ospf authentication-ke
R1(config-if)#ip ospf authentication-key cisco

With debug enabled on R2, the output is as follows:

*Oct 23 16:34:49.411: OSPF: Send with youngest Key 0
*Oct 23 16:34:49.411: OSPF: Send hello to 224.0.0.5 area 0 on Serial1/0 from 10.10.1.2
*Oct 23 16:34:57.763: OSPF: Rcv pkt from 10.10.1.1, Serial1/0 : Mismatch Authentication type. Input packet specified type 1, we use type 2

// It reports that the authentication types differ.

Restore the authentication configuration.
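
In the sessions above, a timer mismatch and an authentication mismatch both surface in syslog as the same "Dead timer expired" ADJCHG line, and only the ERRRCV and debug lines name the actual cause. The Python below is an added example, not part of the original post: it classifies such lines so that an unexpected authentication-type or area mismatch from a peer stands out. The sample lines are copied from this page; `triage` and the result labels are made up for this example.

```python
import re

AUTYPE = {"0": "none", "1": "plaintext", "2": "MD5"}
ADJ = re.compile(r"%OSPF-5-ADJCHG: Process \d+, Nbr (\S+) on (\S+) from (\w+) to (\w+), (.+)")
AREA = re.compile(r"%OSPF-4-ERRRCV: .*mismatch area ID.* from (\S+), (\S+)")
AUTH = re.compile(r"Rcv pkt from (\S+), (\S+) : Mismatch Authentication type\. "
                  r"Input packet specified type (\d), we use type (\d)")

def triage(lines):
    """Map each recognised OSPF log line to (kind, peer, interface, detail)."""
    out = []
    for line in lines:
        if m := AUTH.search(line):
            peer, intf, theirs, ours = m.groups()
            out.append(("auth-type-mismatch", peer, intf,
                        f"peer={AUTYPE.get(theirs, theirs)} local={AUTYPE.get(ours, ours)}"))
        elif m := AREA.search(line):
            out.append(("area-mismatch", m[1], m[2], "packet from a different area"))
        elif m := ADJ.search(line):
            nbr, intf, old, new, reason = m.groups()
            if new == "DOWN" and "Dead timer expired" in reason:
                # Timer and authentication mismatches both end here, so this
                # syslog line alone does not identify the cause.
                out.append(("adjacency-lost", nbr, intf,
                            "dead timer expired: check timers and authentication"))
            elif new == "DOWN":
                out.append(("adjacency-lost", nbr, intf, reason.strip()))
            elif new == "FULL":
                out.append(("adjacency-up", nbr, intf, f"from {old}"))
    return out

# Log lines copied from the sessions on this page.
SAMPLE = [
    "*Oct 23 15:53:57.755: %OSPF-4-ERRRCV: Received invalid packet: mismatch area ID, from backbone area must be virtual-link but not found from 10.10.1.1, Serial1/0",
    "*Oct 23 16:05:07.747: %OSPF-5-ADJCHG: Process 200, Nbr 1.1.1.1 on Serial1/0 from FULL to DOWN, Neighbor Down: Dead timer expired",
    "*Oct 23 16:24:49.675: OSPF: Rcv pkt from 10.10.1.2, Serial1/1 : Mismatch Authentication type. Input packet specified type 1, we use type 0",
    "*Oct 23 16:34:57.763: OSPF: Rcv pkt from 10.10.1.1, Serial1/0 : Mismatch Authentication type. Input packet specified type 1, we use type 2",
    "*Oct 23 16:10:29.531: %OSPF-5-ADJCHG: Process 200, Nbr 1.1.1.1 on Serial1/0 from LOADING to FULL, Loading Done",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```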

2.2.4 Area type must match

I'm a bit tired, so this part is omitted; I'll do it when I have time.
